So VLAN routing is cruising right along... pretty zippy too, I might add. Love the speed of the 6224. Everything on the network can ping too! Okay for now, but not for long. In restricting the traffic between the VLANs, I seem to have misunderstood the ACE for the "gateway of last resort."
Let's say I want to permit all traffic on VLAN10 bound for and returning from the internet, and dump everything else. I would do the following:
SWITCH(config)# access-list INTERNET permit ip 192.168.1.0 0.0.0.255 0.0.0.0 0.0.0.0
SWITCH(config)# access-list INTERNET permit ip 0.0.0.0 0.0.0.0 192.168.1.0 0.0.0.255
and then
SWITCH(config-if-VLAN10)# ip access-group INTERNET
And then I could go get coffee... Right?
If not, what the heck is it!? :P